- Guarantee effective data privacy and create trust
- Board department and Group unit for Data Privacy
- Independent Data Privacy Advisory Council
- Privacy and security by design through our Privacy and Security Assessment procedure
- Transparent communication and annual reporting
- Employee training courses
- Annual Group data privacy audit to measure the standard of data privacy within the Group
- Risk-based annual audit program and ad-hoc controls
In 2008 we created a Board of Management department for Data Privacy, Legal Affairs and Compliance as well as the Group Privacy unit. This has given us the necessary capacities for effective data protection. The responsible Board member is advised by the independent Data Privacy Advisory Council, which was founded in February 2009 and comprises renowned experts from politics, science, business and organizations.
We are also committed to improving the political framework conditions to ensure comprehensive data privacy. At the 2015 national IT summit we signed the "Charter for the Promotion of Trustworthy Communications" together with the German Federal Minister of the Interior and other organizations. Its main purpose is to make sure that the encryption of private communications becomes standard.
Consistent transparency toward the public
In 2008 we were the first DAX-30 company to publish an annual data privacy report, which documents all relevant processes at the Group. We have been publishing an integrated report on data privacy and data security since 2011.
Download the 2015 Data Privacy and Data Security Report.
In addition, we have been publishing an annual Transparency Report since 2014. In the report we disclose our obligations to cooperate with German and international security agencies.
Further details and current information regarding data security can be found under http://www.telekom.com/dataprotection. The status report, for example, includes all processes relevant to data privacy at Deutsche Telekom. We present our latest measures to improve data privacy as well as tips for keeping personal information safe.
The section on consumer and youth protection elaborates on how we ensure the safety of our products and services.s
Regular employee training courses
Telecommunications companies are obliged to provide new employees with information on data privacy regulations. Deutsche Telekom goes beyond this legal requirement: Every two years, we train all of our employees in Germany and commit them to data privacy and telecommunications secrecy. Corresponding requirements for national companies are in place. We have also introduced specific trainings in the customer and human resources departments where the risk of data abuse is higher. These trainings include online courses for independent learning, presentations on data privacy and face-to-face courses on specific topics such as "Data privacy at call centers." This helps us make sure that all employees have in-depth understanding of the relevant data privacy policies.
Annual review of measures through audits and certifications
We conduct an annual basic data privacy audit to measure and improve the general data privacy standards at Deutsche Telekom in Germany and at 34 international affiliated companies. In 2015, 30 percent of Group employees were randomly selected and interviewed online. The basic data privacy audit is supplemented by self-assessments completed by the data privacy officers at the national companies on implementation of the requirements defined in the Binding Corporate Rules on Privacy.
Based on the results, the Group Privacy department identifies need for action at the respective departments and requires them to implement improvement measures. To this end, the Global Data Privacy Officer holds personal meetings with the responsible directors, managers and data privacy officers at the different departments. The Group Privacy department supports implementation of the improvement measures by providing information and advice and conducts a follow-up evaluation. Unusual audit results are taken into consideration when planning the follow-up audit.
We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DEKRA and auditing firms.
Telecommunication companies are legally obliged to cooperate with security agencies. This includes surveillance measures to record telecommunications connections or disclosure of customer information. Deutsche Telekom has been publishing an annual transparency report for Germany since 2014, which covers the types and amount of information we disclose to security agencies. In January 2016 we also published our first international transparency report for all of Deutsche Telekom's national companies.
International legal framework conditions differ considerably. In some countries it is illegal to disclose security measures, in others surveillance is directly conducted by the authorities without the involvement of telecommunications companies. You can find more information on the local situations in the various country reports at http://www.telekom.com/transparency-report.
We consider it the responsibility of the authorities to ensure transparency regarding security measures and called for improved online security in the context of a ten-point program in January 2015. Until our requests are met, we strive to provide the necessary transparency within the legal possibilities.
In January 2015 we launched an international campaign designed to raise employee awareness of the importance of data privacy. The campaign's protagonist is the "data slob". The data slob embodies sloppiness in handling data and information and demonstrates the consequences of treating data privacy lightly. We asked our employees on the Telekom Social Network, TSN, to illustrate these risks as part of an ideas competition under the heading "Don't give the data slob a chance." Around 150 employees took part and addressed the topic in writing, graphically (see cartoons) and even through videos.
In addition, employees can always report potential abuse of data privacy at firstname.lastname@example.org.